Method and device for computer memory protection against unauthorized access

ABSTRACT

A METHOD FOR PROTECTION OF COMPUTER MEMORY AGAINST UNAUTHORIZED ACCESS includes partitioning data received via communication links and instructions for controlling the processing of data incoming from a protected computer by means of an external controller. To substantially eliminate any breach in the firewall all the messages received in a communication session are logged into an external storage locked at the side of the protected computer, the external storage input is locked, and independently of CPU, long-term storage and operating storage of the protected computer, messages are sorted into textual and/or iconic files, program files and files of undefined type, and the demand in the files received and admissibility of their usage in the protected computer is individually determined. A DEVICE FOR CARRYING OUT THE METHOD comprises an external storage, a controllable input switch and a controllable output switch connected to the external controller.

FIELD OF INVENTION

The invention relates to methods for protection of computer memory against unauthorized access of outside users via arbitrary communication links and to the structure of devices for practicing such methods.

It should be taken into consideration that for the purpose of this description, the following terms as employed herein and in the appended claims refer to the following concepts:

-   “computer” refers primarily to a personal computer (PC hereafter) that operates individually or in a local net in the mode of free data exchange with other computers through an arbitrary communication link, and particularly through the Internet;
-   “computer memory” refers to:
    -   hardware, such as an on-board long-term storage (LTS hereafter) and operating storage (OS hereafter), and
    -   data sets, such as data bases (DB hereafter) and/or knowledge bases (KB hereafter) and/or installed software (SW hereafter) including data and/or knowledge base management systems stored on said hardware;
-   “permanent storage (PS hereafter)” refers to at least one such device for storing software connected with external controller which is designed for processing (particularly for sorting and testing) any entries from CPU, LTS and OS of the protected computer;
-   “protection” refers to avoidance of unauthorized access to the memory of any computer through arbitrary open communication links and accordingly avoidance of stealing and/or damage and/or change of SW and/or DB and/or KB;
-   “outside user” refers to any hacker, but mainly to a cracker who aims at active impact on the operation of somebody else's computer on his own will or by request.

BACKGROUND ART

It is commonly known that a gigantic quantity of information is contained in the memory of modern computers; damage, loss or disclosure of such information may lead to serious material and/or political losses. Therefore, damage of SW and especially DB or KB by computer viruses and theft or changing of data have long since become a serious threat even to home PC owners, to say nothing of corporations, individual state organizations and states on the whole.

Actually, computer owners often suffer from viruses received accidentally either from the Internet or along with letters from E-mail or during data exchange with other users using floppy disks or other self-contained means for data storage and communication. And though the development and distribution of new viruses are usually not goal-seeking hooliganism, it is the more dangerous the less prepared certain users are for virus attacks.

Still more dangerous is intended, goal-seeking cracking of databases of corporations, banks and public institutions by crackers. Not infrequently, they act by the orders from competitors or terrorists, using more and more sophisticated cracking software of the ‘worm’ and/or ‘Trojan horse’ types. Especially dangerous in the modern world is cracking of military dataware systems and troops control systems, which can open up unexpected possibilities for committing acts of terrorism.

It is clear from the above, that the means for preclusion of said threat must be effective as much as possible regardless of the source and nature of the threat, reliable, simple, user friendly and sold at a reasonable price.

Unfortunately, only some of those requirements can be successfully fulfilled at present.

Well known are, e.g. means for reducing probability of unauthorized access to computer memory, such as alphabetic, numeric and alphanumeric passwords. They are cheap, simple and easy-to-use.

However, in the course of development of the art of hacking, it has turned out that such ‘verbal’ passwords are noticeable obstacles only for novice users. Actually, nowadays even iconic passwords of the sort of fingerprints or iris of the legal PC user, which are substantially more expensive in use, do not protect the computer against cracking. Moreover, no passwords can protect SW, DB and KB against infection with viruses and against damage.

It is clear that creation and distribution of antiviruses, and, lately, antiviral software complexes with heuristic components reduce losses of damage of SW, DB and KB. However, this way is effective only in case the attack is done by identified viruses against which antiviruses have been created.

Another commonly known method of reducing the probability of unauthorized access to the computer memory is based on the utilization of cryptography (see chapter Conspiracy—Fiction and Reality in the book “Internet Security Secrets” by John R. Vacca, IDG Books Worldwide, Inc./ […] Internet. […], 1997).

Unfortunately, this method is useful for safe data exchange only between users well acquainted with each other, whose circle is very narrow, said method involving codes that comprise more than 128 bits. This makes the computer protection extremely expensive and constricts the potentialities of information interchange via arbitrary communication links.

Therefore, workers in the art more and more often tend to erect obstacles between individual computers and communication links open to general use, such obstacles being called ‘firewalls’ (see, e.g., article ‘New anti-vandal software provides Next Generation PC Protection’ in the Internet address <URL: http://www.esafe.com/press/pr032997.html>).

Any modern firewall comprises a firmware complex that provides for filtering entries (e.g. net traffic), extracting (in accordance with pre-selected criteria) suspicious entries and either precluding their access in the protection zone or temporarily isolating them, e.g. in a ‘sandbox’ for the follow-up inspection out of contact with the native DB or KB.

Thus, U.S. Pat. No. 6,275,938 discloses a method for verifying suspicious programs engineered for running directly on computer platform having memory modules and interface. The method comprises:

-   extracting a predetermined limited storage area (‘sandbox’) in the computer LTS for logging and storage of suspicious programs,
-   loading such programs into said sandbox,
-   entering a check code in each suspicious program for blocking external links of said sandbox,
-   replacing concatenations in the code for the interface module with concatenations with a conversion module for suppression and blocking the operation of certain parts of the interface module, and
-   check-running the suspicious program.

Such verification includes the usage of the native hardware and software of the computer to be protected. Therefore, even in case the users of the protected computers take an active control over the verification, professional crackers can breach the firewall. Moreover, not only suspicious programs can be the carriers of worms and Trojan horses but also textual and/or iconic messages taken from the Internet, which are inoffensive in appearance, may happen to be such.

More effective are firewalls that:

-   are automatically inserted on detecting such patterns of activity in messages received via communication links that indicate an attempted breach of the safety system (U.S. Pat. No. 6,304,975); or
-   are equipped with additional input-output interfaces utilizing codes of the type ‘friend-foe’ well-known to those skilled in the art.

However, automatically controlled software firewalls are not effective when crackers use such cracking software that has not been considered in the protection program, and utilization of said codes is actually possible only in relatively closed net of the Ethernet type, where each user receives the code ‘friend’ prior to coming into contact.

Therefore, creation of firewalls for such PC and computer systems that are to operate in the mode of free data exchange with other computers via arbitrary communication links and particularly via Internet remains an actual problem.

To overcome that problem, it is advisable to use additional hardware having native software. According to the available data, the most alike with the method and device of the invention are method and device for protection of computer memory against unauthorized access of outside users via Internet disclosed in U.S. Pat. No. 6,061,742.

Known method is based on partitioning the data received from an external net via public communication links and instructions for controlling the processing of data incoming from the protected computer.

To practice the method, an intermediate net adapter is suggested that comprises:

-   a first interface for data exchange between the external net and this adapter, a second interface for data exchange between this adapter and a native net interface of a protected computer, and
-   an external controller (processor) connected with said net adapter and designed for partitioning the data received from an external net via the first interface and instructions incoming from the protected computer via the second interface.

Such increase in the number of ‘moderators’ between individual computers (including those incorporated in the local net having a common control center) and an external net reduces the risk of unauthorized access to the protected data via Telnet, FTP or SNMP, but it does not exclude cracking DB and/or KB and/or damage of SW when utilizing new net protocols. Actually, the known arrangement does not provide for complete isolation of LTS and OS of the protected computer against attacks from the outside.

BRIEF DESCRIPTION OF INVENTION

The invention is based on the problem of creation—by enhancing the procedure of data exchange—such method and such device for protection against unauthorized access which could actually exclude logging of outside users in LTS and OS of the protected computers in the unrestricted interchange of any data via arbitrary communication links.

This problem is solved in that in a method for protection of computer memory against unauthorized access based on partitioning the data received via communication links open to general use and instructions for controlling the processing of data incoming from the protected computer, utilizing external hardware, according to the invention the method further includes:

-   a) in each communication session, logging all incoming messages first into at least one external storage (ES hereafter) locked at the side of the protected computer;
-   b) then locking the ES input at the side of the communication link;
-   c) sorting nonempty set of received messages under control of an external controller having native software independently of CPU, LTS and OS of the protected computer, and extracting therefrom at least one nonempty subset of files that belongs to the group of subsets consisting of:
    -   first subset of files having standard name extensions indicating a textual or iconic nature of those files, and/or
    -   second subset of files having standard name extensions indicating a program nature of those files, and/or
    -   third subset of files having non-standard name extensions that can be attributed either to the first or to the second of said subsets after additional analysis; and
-   d) processing messages in each of said subsets under control of said external controller again independently of CPU, LTS and OS of the protected computer in order to determine the demand in their reception and admissibility of their inclusion in DB and/or KB and/or SW of the protected computer.

Inasmuch as such processing of all the received messages is carried out in the external sandbox based on ES having lockable inputs/outputs, it is possible to create substantially impenetrable firewall at the input to each protected computer or local computer net at low cost of software and hardware. Actually, at any number of sequential attacks from outside, any message comes to the protected computer only via the ES the contents of which are deleted after each communication session. Similarly, all the outputs to the external communication links take place via the ES with the interface of the protected computer being locked.

Therefore, any operation in the ‘inquiry-answer’ mode is substantially eliminated.

The first additional characteristic feature consists in that each received message being a textual and/or iconic file from said first subset is displayed via video display adapter only in the graphic mode in the shape of a pixel pattern, the demand in the received message is reviewed, and then:

-   in case of positive review, the pixel pattern is converted into the standard textual and/or graphic format in the active display window, and this converted message is logged directly from the active display window into the LTS of the protected computer, and the corresponding entry in the ES is deleted, and
-   in case of negative review, the active display window is closed without storing any data, and the entry with the corresponding message in the ES is deleted.

The conversion of textual and/or iconic files into a pixel pattern and the reverse conversion of this pixel pattern into a suitable standard textual and/or graphic format at least deactivates and, in most cases, deletes any viruses and any worms or Trojan horses and similar ‘complements’ that hackers and crackers use for unauthorized access to the memories of other's computers.

The second additional characteristic feature consists in that said pixel pattern representing a textual and/or iconic file is formed with the usage of standard instructions for screen control. This allows sharp reduction in the consumption of hardware and software resources for said conversion and reverse conversion as well as reduction in the traffic on the transmission channel, for at least the background for the text and/or image is provided by one instruction. Similarly the usage of such instructions allows the texts and images comprising standard elements to be presented in more economical way.

The third additional characteristic feature consists in that said video display adapter and said display are a video display adapter and a display of the protected computer. This allows the external (relative to the protected computer) hardware of the firewall to be simplified without reducing the effectiveness of the protection against cracking.

The fourth additional characteristic feature consists in replacing the standard extension in the name of each program file of said second subset with a non-standard extension, executing a trial run of such file preferably externally of the protected computer, reviewing the demand in the received message, and then:

-   in case of positive review, storing a received program in the LTS of the protected computer, and deleting the entry with the initial message in the ES, and
-   in case of negative review, deleting the entry with the wrong initial message in the ES.

Even when a suspicious program containing a worm and/or a Trojan horse is tested in a protected computer and adopted, said cracking means will be preserved in the storage of the protected computer for it can receive the next message from the outside only via lockable ES and it cannot automatically respond to the requests of the outside users.

The fifth additional characteristic feature consists in firstly displaying each received message of said third subset via the video display adapter in the graphic mode only, visually identifying as a file belonging to said first subset or to said second subset, and then:

-   a) reviewing the demand in each identified textual and/or iconic file by the visual analysis of the pixel pattern, and
    -   in case of positive review, converting the pixel pattern into a standard textual and/or graphic format in the active display window, and logging this converted message directly from the active display window into the LTS of the protected computer while deleting the corresponding entry in the ES, and
    -   in case of negative review, closing the active display window without storing any data, while deleting the entry with the corresponding message in the ES.
-   b) replacing the standard extension in the name of each identified program file with a non-standard extension, executing a trial run of the program preferably externally of the protected computer, reviewing the demand in the received program, and
    -   in case of positive review, storing the received program in the LTS of the protected computer, and deleting the entry with the initial message in the ES, and
    -   in case of negative review, deleting the entry with the wrong initial message in the ES.

Naturally, the textual and/or graphic files received under such processing will be substantially free of viruses or cracking programs, and the received program files will serve as burials for worms and/or Trojan horses.

The problem is also solved in that in the device for protection of the computer memory against unauthorized access, comprising an external (relative to the protected computer) means for data exchange between this computer and external sources of messages and at least one external controller for controlling the processing of messages received, designed for partitioning the data received from the external sources and instructions incoming from the protected computer, according to the invention:

-   the means for data exchange between the computer to be protected and external sources of messages is based on at least one external storage (ES) designed for logging each next set of incoming messages and temporarily storing it for the time of processing and which is connected to the external sources of messages via a controllable input switch,
-   the external controller has its control output connected to said ES and is provided with native software loaded in a permanent storage (PS) for processing incoming messages, and
-   the data output of said ES is connected to a framebuffer adapted for converting incoming textual and/or iconic messages into graphic format and sequentially outputting the converted messages via a controllable output switch to the display for testing and taking decision on receipt or refusal of each message.

Such device cuts off the OS and LTS of the protected computer against external sources of messages for the whole time of receiving and processing each next set of incoming messages. Then, it serves as a controllable buffer for sending only such messages from the protected computer to external communication links that are approved by the legal user in the mode when OS and LTS of the protected computer are disconnected from ES, and only the data output of this ES is connected with the communication link. Thus, even when receiving programs infected with worms and Trojan horses, no dialogue between the protected computer and any unauthorized user is ever possible.

The first additional characteristic feature consists in that, in the mode of testing the incoming messages, said framebuffer is connected to said display via native framebuffer of the protected computer. This reduces the hardware cost of the firewall.

The second additional characteristic feature consists in that said PS is connected between said controller and said ES. This allows not only the programs for processing the incoming messages to be incorporated in the firewall but also emulators of operation systems necessary for performing a substantial part of such processing inside the firewall.

The third additional characteristic feature consists in that the device for protection of computer memory is provided with an instruction buffer connected via input lock to at least one control output of the protected computer and then to the driving point of the controller and/or driving point of the ES. This allows, when necessary, compensation of damages or loss of the native SW of the firewall wholly or partially or modification of such SW and, as required by the user of the protected computer, manual control of the processing (i.e. testing and reviewing) of the incoming messages.

BRIEF DESCRIPTION OF THE DRAWING

The invention will now be explained by detailed description of a device and method for protection of the computer memory against unauthorized access with reference to the accompanying drawing wherein a block diagram of the device for protection of the computer memory against unauthorized access (DPCM hereafter) is represented.

BEST MODE FOR CARRYING OUT THE INVENTION

The DPCM comprises the following external (relative to the protected computer) units:

-   a controllable input switch 1 for connection of DPCM to an arbitrary external communication link (not specially shown in the drawing) and disconnection of such link for the time of processing a nonempty set of incoming messages,
-   at least one external storage (ES) 2 having its data input connected to the switch 1 and adapted for logging and temporarily storing each next set of incoming messages for the time of processing thereof,
-   an external controller 3 provided with native software for processing incoming messages and having its control output connected with ES 2,
-   a permanent storage (PS) 4 connected between the controller 3 and ES 2 and adapted for storing said native SW,
-   a framebuffer 5 connected to the data output of ES 2 and adapted for converting each incoming message into graphic format and, as required, for temporary storing converted messages till termination of testing and taking decision on receipt or refusal of each message,
-   a controllable output switch 6 for connection of the framebuffer 5 to the data input of a display 7 of a protected computer 8, utilizing, as required, a video display adapter 9 intrinsic to the protected computer.

It is expedient that DPCM include an instruction buffer 10 connected via input lock 11 to at least one control output (e.g., of a keyboard and/or mouse) of the computer 8 and then to the driving point of the controller 3 and/or driving point of the ES. This same buffer 10 can be used for compensation of damages or loss and for modification of the native SW of the DPCM wholly or partially and, as required by the legal user of the computer 8, for manual control of the processing of the incoming messages.

All the mentioned units can be easily brought about by those skilled in the art of computer engineering on the basis of available components. Actually:

-   the external controller 3 can be instrumented on the basis of arbitrary modern processors for personal computers, and
-   the ES 2 and PS 4 can be made in the form of usual “read only memory units (ROM)”, nonvolatile memory units of the “EPROM” type, memory chips of the “FLASH” type, disks of the “CD ROM” type with corresponding laser drives, stand-alone drives provided with a hard disk and their optional suitable combinations.

The described device operates as means for executing a complex of programs for data exchange between the protected computer 8 and an arbitrary communication link.

Thus, the software for reception and processing of messages incoming via external communication link includes minimum the following components:

-   a) an instruction for automatically locking the controllable output switch 6 prior to connecting the computer 8 to the source of messages, e.g. Internet;
-   b) an instruction for automatically logging all incoming messages in each communication session in at least one ES 2 locked at the side of the computer 8;
-   c) an instruction for automatically locking the controllable input switch 1 at the data input of ES 2 after termination or interruption of the communication with the source of messages;
-   d) a program for preferably automatically sorting a nonempty set of received messages and extracting therefrom at least one nonempty subset of files that belongs to the group of subsets consisting of:
    -   first subset of files having standard name extensions indicating a textual or iconic nature of those files, such as “txt; asc; rtf; doc; html; htm; bmp; jpg; gif; tif” et al. and/or
    -   second subset of files having standard name extensions indicating a program nature of those files, such as “exe; com; bat; log; sys; dat; dll; dot; chm; tlb; fon; pak; Isd; htf; ind; wdf; clf; swi” et al. and/or
    -   third subset of files having non-standard name extensions (usually assigned by the sender) that can be attributed to the first or to the second of said subsets only after additional analysis; and
-   e) a program for processing messages in each of said subsets in order to determine the demand in their reception and admissibility of their inclusion in DB and/or KB and/or SW of the protected computer 8.

The sorting program always provides the operations of:

-   a) analysis of full names of received files;
-   b) comparison of actual extensions of file names with standard name extensions;
-   c) extraction of at least one said subset (considering that the files having any dubious extension can be included in the third subset).
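
An added example (not part of the patent text) of the sorting operations a) to c) above, in Python. The extension lists are the ones quoted on this page; the names `classify` and `sort_messages`, the sample file names, and the rules for what counts as a dubious name (no extension, more than one known extension, leading or trailing dots or spaces, control or bidirectional-override characters) are assumptions of this example.

```python
import re
import unicodedata

# Extension lists as quoted on the page (the source ends each with "et al.",
# so they are not exhaustive).
TEXT_OR_ICONIC = frozenset(
    "txt asc rtf doc html htm bmp jpg gif tif".split())
PROGRAM = frozenset(
    "exe com bat log sys dat dll dot chm tlb fon pak isd htf ind wdf clf swi".split())

FIRST, SECOND, THIRD = "first", "second", "third"  # subset labels (assumed names)


def classify(full_name: str) -> str:
    """Return the subset for one received file name.

    Anything that cannot be attributed with confidence goes to the third
    subset, which the method inspects in graphic mode before deciding.
    """
    # (a) Analyse the full name: drop any sender-supplied path components.
    base = re.split(r"[\\/]", full_name)[-1]

    # Dubious: leading/trailing dots or spaces (some file systems strip them,
    # so the effective extension can differ from the visible one).
    if not base or base != base.strip(" ."):
        return THIRD
    # Dubious: control or format characters such as U+202E (right-to-left
    # override), which make the displayed name differ from the stored one.
    if any(unicodedata.category(ch) in ("Cc", "Cf") for ch in base):
        return THIRD

    parts = base.split(".")
    if len(parts) < 2:
        return THIRD                      # no extension at all
    extensions = [p.lower() for p in parts[1:]]

    # (b) Compare the actual extensions with the standard ones.
    known = [e for e in extensions if e in TEXT_OR_ICONIC or e in PROGRAM]
    if len(known) > 1:
        return THIRD                      # e.g. "invoice.txt.exe"
    final = extensions[-1]
    if final in TEXT_OR_ICONIC:
        return FIRST
    if final in PROGRAM:
        return SECOND
    return THIRD                          # non-standard extension


def sort_messages(names):
    """(c) Extract the nonempty subsets from a set of received file names."""
    subsets = {FIRST: [], SECOND: [], THIRD: []}
    for name in names:
        subsets[classify(name)].append(name)
    return {label: files for label, files in subsets.items() if files}


# Constructed sample session (file names invented for this example).
SAMPLE = ["notes.TXT", "report.v2.rtf", "setup.exe", "C:\\tmp\\driver.sys",
          "invoice.txt.exe", "photo.jpg ", "README", "cod\u202etxt.exe",
          "archive.xyz"]

if __name__ == "__main__":
    for label, files in sort_messages(SAMPLE).items():
        print(label, files)
```

A name is only the sender's claim about a file, so the sorter defaults to the third subset whenever the claim is ambiguous rather than guessing between the first two.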

Programs for processing messages are specific for each of said subsets of files and include mainly automatic and, as required and at request, manual operations.

Thus the program for processing messages in the form of textual and/or iconic files of said first subset provides as minimum:

-   a) automatically converting each message into the graphic format, i.e. into a pixel pattern;
-   b) automatically displaying said pixel pattern via video display adapter only in the graphic mode using, as required, standard commands for screen control (usage of the video display adapter 9 and display 7 as bypassing the OS and LTS of the protected computer 8 is absolutely safe);
-   c) reviewing the demand in the received message usually performed by a legal user of the protected computer 8 by way of visual analysis of the text and/or image in the active display window;
-   d) issuing (manually as a rule) an instruction either for receipt or refusal in receipt of the message;
-   e) usually automatically converting the pixel pattern that corresponds to the received message into a suitable standard textual and/or graphic format, and
-   f) automatically or manually logging a received message in textual and/or iconic format directly from the active display window under a suitable name into the LTS of the protected computer 8 and automatically issuing an instruction for deleting the corresponding entry in the ES 2, or
-   g) preferably automatically closing the active display window that contains a pixel pattern corresponding to the discarded message without storing any data and automatically issuing an instruction for deleting the corresponding entry in the ES 2;
-   h) automatically deleting the accepted or discarded message in the ES 2 after the operation (f) or (g) performed depending on the pre-setting, either immediately or after an optional time delay (till the termination of the processing of all messages logged in the ES 2 in one communication session).

The program for processing messages in the form of program files of said second subset provides as minimum:

-   a) usually automatically replacing a standard name extension of each received program file with a non-standard extension;
-   b) preferably manually executing a trial run of the program file with a modified name preferably externally of the protected computer 8 (particularly in the DPCM, with the help of the controller 3 and PS 4);
-   c) reviewing the demand in the received message usually performed by a legal user of the protected computer 8 by way of analyzing the results of said trial run;
-   d) issuing (manually as a rule) an instruction either for receipt or refusal in receipt of the program message;
-   e) preferably manually logging a received program (preferably with a new name) into the LTS of the protected computer 8 and automatically issuing an instruction for deleting the corresponding entry in the ES 2, or
-   f) automatically issuing an instruction for deleting the entry with the discarded program message in the ES 2; and
-   g) automatically deleting the accepted or discarded message in the ES 2 after the operation (e) or (f) performed depending on the pre-setting, either immediately or after an optional time delay (till the termination of the processing of all messages logged in the ES 2 in one communication session).

The program for processing messages in the form of undefined files of said third subset provides as minimum:

-   a) automatically converting each undefined message into the graphic format, i.e. into a pixel pattern;
-   b) automatically displaying said pixel pattern via video display adapter only in the graphic mode using, as required, standard commands for screen control (usage of the video display adapter 9 and display 7 as bypassing the OS and LTS of the protected computer 8 is absolutely safe);
-   c) identifying each next message either as a file belonging to said first subset or as a file belonging to said second subset, and then:
    -   either performing operations (c) to (h) of the described above program for processing textual and/or iconic files for each detected file of such type,
    -   or performing all operations of the described above program for processing each detected program file.

A significant part of the firewall of the invention is a program for transferring messages from the protected computer 8 into the external communication link. It comprises:

-   a) a manually issued instruction for connecting the protected computer 8 to the external communication link that causes locking both switches 1 and 6;
-   b) instructions issued via input lock 11 and buffer 10 for automatically checking the absence of entries in ES 2 after preceding communication session and automatic reset of ES 2 in case any wrong entries were left for some reasons;
-   c) a usually manually issued instruction for logging messages intended to be sent that enter the ES 2 via input lock 11 and buffer 10;
-   d) an instruction for automatically unlocking the switch 1 performed after termination of the logging in the ES 2;
-   e) an instruction for sending messages into the external communication link which is usually performed automatically while the switch 6 and the lock 11 are blocked.
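
An added example (not part of the patent text) that models the reception steps a) to c) and the transfer steps a) to e) above as an interlocked state machine in Python, so the isolation property can be checked: ES 2 is never open to the communication link and to the protected computer at the same time. The class and method names, the `accept` callback standing in for the user's review, keeping lock 11 locked during reception, and clearing ES 2 after sending are assumptions of this example.

```python
class InterlockError(RuntimeError):
    """A step would connect ES 2 to the link and to computer 8 at once."""


class DPCM:
    """Minimal model of switch 1, switch 6, lock 11 and external storage 2."""

    def __init__(self):
        # True = locked (path blocked). The device starts fully isolated.
        self.locked = {"switch1": True, "switch6": True, "lock11": True}
        self.es = []   # entries currently held in ES 2

    def set_path(self, name, locked):
        """Change one switch, refusing any state that bridges both sides."""
        state = dict(self.locked, **{name: locked})
        link_open = not state["switch1"]
        computer_open = not (state["switch6"] and state["lock11"])
        if link_open and computer_open:
            raise InterlockError(f"{name}: ES 2 would face link and computer")
        self.locked = state

    def receive_session(self, incoming):
        """Reception a)-c): log everything into ES 2, then lock its input."""
        self.set_path("switch6", True)      # a) lock output before connecting
        self.set_path("lock11", True)       # assumption: control path shut too
        self.set_path("switch1", False)     # connect ES 2 to the link
        try:
            self.es.extend(incoming)        # b) log all incoming messages
        finally:
            self.set_path("switch1", True)  # c) also on interruption
        return len(self.es)

    def review(self, accept):
        """Show each entry with the link cut; delete it from ES 2 either way."""
        self.set_path("switch6", False)     # raises if switch 1 is unlocked
        accepted = []
        try:
            while self.es:
                message = self.es.pop(0)    # entry leaves ES 2 in both cases
                if accept(message):
                    accepted.append(message)
        finally:
            self.set_path("switch6", True)
        return accepted

    def send_session(self, outgoing):
        """Transfer a)-e). Returns (sent messages, stale entries reset)."""
        self.set_path("switch1", True)      # a) lock both switches
        self.set_path("switch6", True)
        self.set_path("lock11", False)      # b), c) work through lock 11
        stale = len(self.es)
        self.es.clear()                     # b) reset leftover entries
        self.es.extend(outgoing)            # c) log messages to be sent
        self.set_path("lock11", True)
        self.set_path("switch1", False)     # d) unlock switch 1
        sent = list(self.es)                # e) send with 6 and 11 blocked
        self.es.clear()                     # assumption: ES emptied afterwards
        self.set_path("switch1", True)
        return sent, stale


if __name__ == "__main__":
    device = DPCM()
    device.receive_session(["a.txt", "b.exe"])        # constructed names
    print(device.review(lambda m: m.endswith(".txt")))
    print(device.send_session(["reply.txt"]))
```

The stale-entry reset in step b) is what keeps content left over from an earlier inbound session from being transmitted when switch 1 is next unlocked.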

INDUSTRIAL APPLICABILITY

The invention is industrially applicable because:

-   the device for protection of computer memory against unauthorized access can be easily implemented on the basis of available components,
-   the method carried out by means of this device provides for substantially impenetrable protection of data bases and/or knowledge bases and/or software of computers protected against cracking.

1-10. (canceled)
11. A system for protecting a computer device from unauthorized access, said system being external with respect to the computer device and being connectable to a source of data to be provided to said computer device, said system comprising a controller for processing said data to produce graphic information representing said data.
12. The system of claim 11, wherein said graphic data are adapted for displaying by a monitor controllable by said computer device.
13. The system of claim 11, wherein said source of data is configured for supplying said data via a communication link.
14. The system of claim 11, wherein said controller is configured for receiving instructions from said computer device.
15. The system of claim 14, further comprising an input buffer responsive to the instructions from said computer device for supplying the controller with a driving signal.
16. The system of claim 11, further comprising an output buffer responsive to output information from the controller for converting said output information into a graphic format.
17. The system of claim 16, wherein said output buffer is configured for temporarily storing converted graphic information until processing of said data is completed.
18. The system of claim 16, further comprising a storage for storing said data during a period of processing said data by said controller.
19. The system of claim 18, wherein said storage is responsive to said output information from the controller for supplying said output buffer with said output information.
20. The system of claim 11, further comprising a controllable input switch connectable to said source of data and configured for preventing said data from being supplied to the controller after termination of communication with said source of data.
21. The system of claim 11, further comprising a controllable output switch configured for outputting said graphic information.
22. A method of preventing unauthorized access to a computer device using a protection device external with respect to the computer device, the method comprising the steps of: preventing data to be provided to the computer device from being supplied to the computer device, supplying said data to the protection device, and processing said supplied data to produce graphic information.
23. The method of claim 22, further comprising the step of displaying said graphic information by a monitor controllable by the computer device.
24. The method of claim 22, further comprising the step of supplying instructions from said computer device to said protection device.
25. The method of claim 22, wherein the step of processing includes the step of converting processed information into a graphic format.
26. The method of claim 25, further comprising the step of temporarily storing converted graphic information until processing of the supplied data is completed.
27. The method of claim 22, further comprising the step of storing said supplied data in a storage device during processing of said supplied data.
28. The method of claim 22, further comprising the step of preventing said supplied data from being supplied to the protection device after termination of communication with a source of said supplied data.
29. The method of claim 22, further comprising the step of providing controllable output of said graphic information.
30. The method of claim 22, further comprising the step of preventing data stored in the computer device from being transferred outside of the computer device.